Microsoft Exchange zero-days exploited. Supply chain attack reported. New Lazarus activity. Mexican government falls victim to hacktivism. Hacking partial mobilization. Former insider threat.
Podcast |
CyberWire Daily
Publisher |
The CyberWire
Media Type |
audio
Podknife tags |
Cybersecurity
Tech News
Technology
Categories Via RSS |
Daily News
News
Tech News
Technology
Publication Date |
Oct 03, 2022
Episode Duration |
00:30:22
Two Microsoft Exchange zero-days exploited in the wild. A supply chain attack, possibly from Chinese intelligence services. There’s new Lazarus activity: bring-your-own-vulnerable-driver. The Mexican government falls victim to apparent hacktivism. Flying under partial mobilization’s radar. Betsy Carmelite from Booz Allen Hamilton talks about addressing the cyber workforce skills gap. Our guest Rachel Tobac from SocialProof Security brings a musical approach to security awareness training. How’s your off-boarding program working out? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/190 Selected reading. Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server (CISA)  Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (Microsoft Security Response Center) Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server (GTSC) URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different” (Naked Security) Microsoft confirms two Exchange Server zero days are being used in cyberattacks (The Record by Recorded Future)Microsoft confirms new Exchange zero-days are used in attacks (BleepingComputer)  Two Microsoft Exchange zero-days exploited in the wild. (CyberWre)  CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA) Suspected Chinese hackers tampered with widely used customer chat program, researchers say (Reuters) Report: Commercial chat provider hijacked to spread malware in supply chain attack (The Record by Recorded Future)  CrowdStrike Falcon Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer (crowdstrike.com) Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium (WeLiveSecurity) Lazarus & BYOVD: evil to the Windows core (Virus Bulletin) Lazarus hackers abuse Dell driver bug using new FudModule rootkit (BleepingComputer) Mexican government suffers major data hack, president's health issues revealed (Reuters) Mexican president confirms ‘Guacamaya’ hack targeting regional militaries (The Record by Recorded Future) Analysis: Mexico data hack exposes government cybersecurity vulnerability (Reuters) Russians dodging mobilization behind flourishing scam market (BleepingComputer)  Honolulu Man Pleads Guilty to Sabotaging Former Employer’s Computer Network (US Department of Justice) Learn more about your ad choices. Visit megaphone.fm/adchoices
Two Microsoft Exchange zero-days exploited in the wild. A supply chain attack, possibly from Chinese intelligence services. There’s new Lazarus activity: bring-your-own-vulnerable-driver. The Mexican government falls victim to apparent hacktivism. Flying under partial mobilization’s radar. Betsy Carmelite from Booz Allen Hamilton talks about addressing the cyber workforce skills gap. Our guest Rachel Tobac from SocialProof Security brings a musical approach to security awareness training. How’s your off-boarding program working out? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/190 Selected reading. Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server (CISA)  Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (Microsoft Security Response Center) Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server (GTSC) URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different” (Naked Security) Microsoft confirms two Exchange Server zero days are being used in cyberattacks (The Record by Recorded Future)Microsoft confirms new Exchange zero-days are used in attacks (BleepingComputer)  Two Microsoft Exchange zero-days exploited in the wild. (CyberWre)  CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA) Suspected Chinese hackers tampered with widely used customer chat program, researchers say (Reuters) Report: Commercial chat provider hijacked to spread malware in supply chain attack (The Record by Recorded Future)  CrowdStrike Falcon Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer (crowdstrike.com) Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium (WeLiveSecurity) Lazarus & BYOVD: evil to the Windows core (Virus Bulletin) Lazarus hackers abuse Dell driver bug using new FudModule rootkit (BleepingComputer) Mexican government suffers major data hack, president's health issues revealed (Reuters) Mexican president confirms ‘Guacamaya’ hack targeting regional militaries (The Record by Recorded Future) Analysis: Mexico data hack exposes government cybersecurity vulnerability (Reuters) Russians dodging mobilization behind flourishing scam market (BleepingComputer)  Honolulu Man Pleads Guilty to Sabotaging Former Employer’s Computer Network (US Department of Justice) Learn more about your ad choices. Visit megaphone.fm/adchoices

Two Microsoft Exchange zero-days exploited in the wild. A supply chain attack, possibly from Chinese intelligence services. There’s new Lazarus activity: bring-your-own-vulnerable-driver. The Mexican government falls victim to apparent hacktivism. Flying under partial mobilization’s radar. Betsy Carmelite from Booz Allen Hamilton talks about addressing the cyber workforce skills gap. Our guest Rachel Tobac from SocialProof Security brings a musical approach to security awareness training. How’s your off-boarding program working out?

For links to all of today's stories check out our CyberWire daily news briefing:

https://thecyberwire.com/newsletters/daily-briefing/11/190

Selected reading.

Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server (CISA) 

blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/">Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (Microsoft Security Response Center)

new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html">Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server (GTSC)

URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different” (Naked Security)

Microsoft confirms two Exchange Server zero days are being used in cyberattacks (The Record by Recorded Future)Microsoft confirms new Exchange zero-days are used in attacks (BleepingComputer) 

Two Microsoft Exchange zero-days exploited in the wild. (CyberWre) 

CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA)

Suspected Chinese hackers tampered with widely used customer chat program, researchers say (Reuters)

Report: Commercial chat provider hijacked to spread malware in supply chain attack (The Record by Recorded Future) 

CrowdStrike Falcon Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer (crowdstrike.com)

Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium (WeLiveSecurity)

Lazarus & BYOVD: evil to the Windows core (Virus Bulletin)

Lazarus hackers abuse Dell driver bug using new FudModule rootkit (BleepingComputer)

Mexican government suffers major data hack, president's health issues revealed (Reuters)

Mexican president confirms ‘Guacamaya’ hack targeting regional militaries (The Record by Recorded Future)

Analysis: Mexico data hack exposes government cybersecurity vulnerability (Reuters)

Russians dodging mobilization behind flourishing scam market (BleepingComputer) 

Honolulu Man Pleads Guilty to Sabotaging Former Employer’s Computer Network (US Department of Justice)

Learn more about your ad choices. Visit megaphone.fm/adchoices

This episode currently has no reviews.

Submit Review
This episode could use a review!

This episode could use a review! Have anything to say about it? Share your thoughts using the button below.

Submit Review